{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,27]],"date-time":"2026-03-27T16:55:13Z","timestamp":1774630513736,"version":"3.50.1"},"reference-count":40,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2024,7,18]],"date-time":"2024-07-18T00:00:00Z","timestamp":1721260800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"The proliferation of IoT services has spurred a surge in network attacks, heightening cybersecurity concerns. Essential to network defense, intrusion detection and prevention systems (IDPSs) identify malicious activities, including denial of service (DoS), distributed denial of service (DDoS), botnet, brute force, infiltration, and Heartbleed. This study focuses on leveraging unsupervised learning for training detection models to counter these threats effectively. The proposed method utilizes basic autoencoders (bAEs) for dimensionality reduction and encompasses a three-stage detection model: one-class support vector machine (OCSVM) and deep autoencoder (dAE) attack detection, complemented by density-based spatial clustering of applications with noise (DBSCAN) for attack clustering. Accurately delineated clusters aid in mapping attack tactics. The MITRE ATT&CK framework establishes a \u201cCyber Threat Repository\u201d, cataloging attacks and tactics, enabling immediate response based on priority. Leveraging preprocessed and unlabeled normal network traffic data, this approach enables the identification of novel attacks while mitigating the impact of imbalanced training data on model performance. The autoencoder method utilizes reconstruction error, OCSVM employs a kernel function to establish a hyperplane for anomaly detection, while DBSCAN employs a density-based approach to identify clusters, manage noise, accommodate diverse shapes, automatically determining cluster count, ensuring scalability, and minimizing false positives and false negatives. Evaluated on standard datasets such as CIC-IDS2017 and CSECIC-IDS2018, the proposed model outperforms existing state of art methods. Our approach achieves accuracies exceeding 98% for the two datasets, thus confirming its efficacy and effectiveness for application in efficient intrusion detection systems.<\/jats:p>","DOI":"10.3390\/fi16070253","type":"journal-article","created":{"date-parts":[[2024,7,18]],"date-time":"2024-07-18T08:39:12Z","timestamp":1721291952000},"page":"253","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":26,"title":["A Novel Hybrid Unsupervised Learning Approach for Enhanced Cybersecurity in the IoT"],"prefix":"10.3390","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3256-5984","authenticated-orcid":false,"given":"Prabu","family":"Kaliyaperumal","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, Galgotias University, Dankaur 203201, India"}]},{"given":"Sudhakar","family":"Periyasamy","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Galgotias University, Dankaur 203201, India"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8416-279X","authenticated-orcid":false,"given":"Manikandan","family":"Thirumalaisamy","sequence":"additional","affiliation":[{"name":"Department of CSBS, Rajalakshmi Engineering College, Tamil Nadu 602105, India"}]},{"given":"Balamurugan","family":"Balusamy","sequence":"additional","affiliation":[{"name":"Associate Dean-Students, Shiv Nadar University, Delhi-NCR Campus, Noida 201305, India"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9203-1642","authenticated-orcid":false,"given":"Francesco","family":"Benedetto","sequence":"additional","affiliation":[{"name":"Signal Processing for TLC and Economics, University of Roma Tre, 00154 Rome, Italy"}]}],"member":"1968","published-online":{"date-parts":[[2024,7,18]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"32464","DOI":"10.1109\/ACCESS.2020.2973730","article-title":"Network Intrusion Detection Combined Hybrid Sampling with Deep Hierarchical Network","volume":"8","author":"Jiang","year":"2020","journal-title":"IEEE Access"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Gandi, V.P., Jatla, N.S.L., Sadhineni, G., Geddamuri, S., Chaitanya, G.K., and Velmurugan, A.K. (2023, January 23\u201325). A Comparative Study of AI Algorithms for Anomaly-based Intrusion Detection. Proceedings of the 7th International Conference on Computing Methodologies and Communication, ICCMC 2023, Erode, India.","DOI":"10.1109\/ICCMC56507.2023.10084186"},{"key":"ref_3","first-page":"3072","article-title":"Detecting network attacks model based on a convolutional neural network","volume":"13","author":"Ali","year":"2023","journal-title":"Int. J. Electr. Comput. Eng."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"656","DOI":"10.1109\/TC.2021.3077687","article-title":"Secure Deep Learning in Defense in Deep-Learning-as-a-Service Computing Systems in Digital Twins","volume":"73","author":"Lv","year":"2024","journal-title":"IEEE Trans. Comput."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"1748","DOI":"10.1109\/COMST.2023.3273282","article-title":"Cyber Threat Intelligence Mining for Proactive Cybersecurity Defense: A Survey and New Perspectives","volume":"25","author":"Sun","year":"2023","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"106954","DOI":"10.1109\/ACCESS.2023.3318600","article-title":"Revolutionizing Perimeter Intrusion Detection: A Machine Learning-Driven Approach with Curated Dataset Generation for Enhanced Security","volume":"11","author":"Pitafi","year":"2023","journal-title":"IEEE Access"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1109\/TC.2020.3042247","article-title":"Multi-Resource VNF Deployment in a Heterogeneous Cloud","volume":"71","author":"Zheng","year":"2022","journal-title":"IEEE Trans. Comput."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"872","DOI":"10.1109\/TC.2023.3347671","article-title":"Joint Virtual Network Function Placement and Flow Routing in Edge-Cloud Continuum","volume":"73","author":"Mao","year":"2024","journal-title":"IEEE Trans. Comput."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Figueiredo, J., Serr\u00e3o, C., and de Almeida, A.M. (2023). Deep Learning Model Transposition for Network Intrusion Detection Systems. Electronics, 12.","DOI":"10.3390\/electronics12020293"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Sarhan, M., Kulatilleke, G., Lo, W.W., Layeghy, S., and Portmann, M. (2022). DOC-NAD: A Hybrid Deep One-class Classifier for Network Anomaly Detection. arXiv.","DOI":"10.1109\/CCGridW59191.2023.00016"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"12043","DOI":"10.1088\/1742-6596\/2161\/1\/012043","article-title":"Network intrusion detection: A comparative study of four classifiers using the NSL-KDD and KDD\u201999 datasets","volume":"2161","author":"Devarakonda","year":"2022","journal-title":"J. Phys. Conf. Ser."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Wang, C., Sun, Y., Lv, S., Wang, C., Liu, H., and Wang, B. (2023). Intrusion Detection System Based on One-Class Support Vector Machine and Gaussian Mixture Model. Electronics, 12.","DOI":"10.3390\/electronics12040930"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Ren, Y., Feng, K., Hu, F., Chen, L., and Chen, Y. (2023). A Lightweight Unsupervised Intrusion Detection Model Based on Variational Auto-Encoder. Sensors, 23.","DOI":"10.3390\/s23208407"},{"key":"ref_14","first-page":"23","article-title":"A Modified DBSCAN Algorithm for Anomaly Detection in Time-series Data with Seasonality","volume":"19","author":"Jain","year":"2022","journal-title":"Int. Arab. J. Inf. Technol."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"157","DOI":"10.1007\/s10270-021-00898-7","article-title":"Cyber security threat modeling based on the MITRE Enterprise ATT&CK Matrix","volume":"21","author":"Xiong","year":"2022","journal-title":"Softw. Syst. Model."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"e7334","DOI":"10.1002\/cpe.7334","article-title":"An intelligent intrusion detection system for distributed denial of service attacks: A support vector machine with hybrid optimization algorithm based approach","volume":"34","author":"Sokkalingam","year":"2022","journal-title":"Concurr. Comput."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Duhayyim, M.A., Alissa, K.A., Alrayes, F.S., Alotaibi, S.S., Tag El Din, E.M., Abdelmageed, A.A., Yaseen, I., and Motwakel, A. (2022). Evolutionary-Based Deep Stacked Autoencoder for Intrusion Detection in a Cloud-Based Cyber-Physical System. Appl. Sci., 12.","DOI":"10.3390\/app12146875"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Mousa, A.K., and Abdullah, M.N. (2023). An Improved Deep Learning Model for DDoS Detection Based on Hybrid Stacked Autoencoder and Checkpoint Network. Future Internet, 15.","DOI":"10.3390\/fi15080278"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"100823","DOI":"10.1109\/ACCESS.2023.3315121","article-title":"Exploiting TTP Co-Occurrence via GloVe-Based Embedding with MITRE ATT&CK Framework","volume":"11","author":"Shin","year":"2023","journal-title":"IEEE Access"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Liu, H., and Lang, B. (2019). Machine learning and deep learning methods for intrusion detection systems: A survey. Appl. Sci., 9.","DOI":"10.3390\/app9204396"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1007\/s42979-022-01031-1","article-title":"Deep Neural Network Based Real-Time Intrusion Detection System","volume":"3","author":"Thirimanne","year":"2022","journal-title":"SN Comput. Sci."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/TICPS.2023.3336608","article-title":"A Two-Level Fusion Framework for Cyber-Physical Anomaly Detection","volume":"2","author":"Guarino","year":"2024","journal-title":"IEEE Trans. Ind. Cyber-Phys. Syst."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"2845","DOI":"10.11591\/eei.v11i5.4145","article-title":"A novel classification and clustering algorithms for intrusion detection system on convolutional neural network","volume":"11","author":"Ramasamy","year":"2022","journal-title":"Bull. Electr. Eng. Inform."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"e4150","DOI":"10.1002\/ett.4150","article-title":"Network intrusion detection system: A systematic study of machine learning and deep learning approaches","volume":"32","author":"Ahmad","year":"2021","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"ref_25","first-page":"031","article-title":"DDoS Attack Detection System Based on RF-SVM-IL Model Under SDN","volume":"32","author":"Fan","year":"2021","journal-title":"J. Comput. Sci."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Yaras, S., and Dener, M. (2024). IoT-Based Intrusion Detection System Using New Hybrid Deep Learning Algorithm. Electronics, 13.","DOI":"10.3390\/electronics13061053"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Harahsheh, K., Al-Naimat, R., and Chen, C.H. (2024). Using Feature Selection Enhancement to Evaluate Attack Detection in the Internet of Things Environment. Electronics, 13.","DOI":"10.20944\/preprints202403.0211.v1"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Javed, A., Ehtsham, A., Jawad, M., Awais, M.N., Qureshi, A.-H., and Larijani, H. (2024). Implementation of Lightweight Machine Learning-Based Intrusion Detection System on IoT Devices of Smart Homes. Future Internet, 16.","DOI":"10.3390\/fi16060200"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Liao, J., Teo, S.G., Kundu, P.P., and Truong-Huu, T. (2021, January 26\u201328). ENAD: An ensemble framework for unsupervised network anomaly detection. Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience, CSR 2021, Rhodes, Greece.","DOI":"10.1109\/CSR51186.2021.9527982"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Almaraz-Rivera, J.G., Cantoral-Ceballos, J.A., and Botero, J.F. (2023). Enhancing IoT Network Security: Unveiling the Power of Self-Supervised Learning against DDoS Attacks. Sensors, 23.","DOI":"10.3390\/s23218701"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Khraisat, A., Gondal, I., Vamplew, P., Kamruzzaman, J., and Alazab, A. (2020). Hybrid intrusion detection system based on the stacking ensemble of C5 decision tree classifier and one class support vector machine. Electronics, 9.","DOI":"10.3390\/electronics9010173"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Shafin, S.S., Karmakar, G., and Mareels, I. (2023). Obfuscated Memory Malware Detection in Resource-Constrained IoT Devices for Smart City Applications. Sensors, 23.","DOI":"10.3390\/s23115348"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"11041","DOI":"10.1109\/JIOT.2020.2993410","article-title":"Semisupervised-Learning-Based Security to Detect and Mitigate Intrusions in IoT Network","volume":"7","author":"Ravi","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"102631","DOI":"10.1016\/j.jnca.2020.102631","article-title":"Enhancing collaborative intrusion detection via disagreement-based semi-supervised learning in IoT environments","volume":"161","author":"Li","year":"2020","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Kwon, R., Ashley, T.D., Castleberry, J.E., McKenzie, P.L., and Gourisetti, S.N.G. (2024, July 17). Cyber Threat Dictionary Using MITRE ATT&CK Matrix and NIST Cybersecurity Framework Mapping. United States 2020, Available online: https:\/\/www.osti.gov\/biblio\/1734565.","DOI":"10.1109\/RWS50334.2020.9241271"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., and Ghorbani, A.A. (2018, January 22\u201324). Toward generating a new intrusion detection dataset and intrusion traffic characterization. Proceedings of the ICISSP 2018\u2014The 4th International Conference on Information Systems Security and Privacy, Madeira, Portugal.","DOI":"10.5220\/0006639801080116"},{"key":"ref_37","first-page":"409","article-title":"Adaptive DBSCAN with Grey Wolf Optimizer for Botnet Detection","volume":"16","author":"Mustafa","year":"2023","journal-title":"Int. J. Intell. Eng. Syst."},{"key":"ref_38","first-page":"2181","article-title":"Unknown DDoS Attack Detection with Fuzzy C-Means Clustering and Spatial Location Constraint Prototype Loss","volume":"78","author":"Nguyen","year":"2024","journal-title":"Comput. Mater. Contin."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Dwivedi, D., Bhushan, A., Singh, A.K. (2024, January 23\u201324). Leveraging K-means clustering for enhanced detection of network traffic attacks. Proceedings of the 2024 3rd International conference on Power Electronics and IoT Applications in Renewable Energy and its Control (PARC), Mathura, India.","DOI":"10.1109\/PARC59193.2024.10486408"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"An, H., Ma, R., Yan, Y., Chen, T., Zhao, Y., Li, P., Li, J., Wang, X., Fan, D., and Lv, C. (2024). Finsformer: A Novel Approach to Detecting Financial Attacks Using Transformer and Cluster-Attention. Appl. Sci., 14.","DOI":"10.3390\/app14010460"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/16\/7\/253\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T15:18:46Z","timestamp":1760109526000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/16\/7\/253"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,18]]},"references-count":40,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2024,7]]}},"alternative-id":["fi16070253"],"URL":"https:\/\/doi.org\/10.3390\/fi16070253","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,7,18]]}}}